On Tue, 2010-01-05 at 11:29 +0100, Sylvain Munaut wrote:
so if you place a call in that cell yourself, you can get these
easily beforehand. The only remaining unknowns are the timeslot and
the index.
Also this will work only if at every point of time there is a
single
Sounds very interesting, the Spartan-6 FPGA SP601 Evaluation Kit may be
a capable and not expensive (295$) model with GbE.
So 700$ for the USRP, 550$ for 2 RFX-900s / 2 RFX-1800s and the 295$ for
the FPGA kit, that will be 1545$ for either a full GSM900 or GSM1800
Sniffer, or 1840$ to have the
Hi Sylvain, Sascha,
Thank you for corrections. I'm not a great GSM expert and
still learning, you know.
I think it would be great if one placed this kind of information
about frequency hopping into a FAQ on the site. I.e. to answer
the question: Why does GSMA think of hopping as a 'security'
feature
2010/1/5 Clemens Gruber philist...@gmail.com:
can anybody confirm that the RFX1800 general i/o lines can be accessed
the same way as for the RFX900?
(btw. what about these threads on the gnuradio-mailinglist about
converting a rfx1800 to a rfx900 and backwards..? is that possible?)
Yes,
to the corresponding downlink one.
Regards
Sylvain
--- On Mon, 1/4/10, Alexander Chemeris alexander.cheme...@gmail.com wrote:
From: Alexander Chemeris alexander.cheme...@gmail.com
Subject: Re: [A51] Truth about this work
To: Sylv1 sylv1...@yahoo.com
Cc: p q ultimat...@gmail.com, A51 A51list a51@lists.reflextor.com
--
From: Sylv1 sylv1...@yahoo.com
Date: Mon, Jan 4, 2010 at 12:58 PM
Subject: Re: [A51] Truth about this work
To: Alexander Chemeris alexander.cheme...@gmail.com
Cc: A51 A51list a51@lists.reflextor.com
Hello,
yes this is a solution but you have to double the cost of the attack
buying
thanks for the last two questions
this was also the important facts that nobody mentioned them. to do
a successful attack to A5/1 enabled GSM you need to capture signal on a
wide-band style meaning you need to capture all the bands that may have
carrier on them. this is highly dependent on the
On Mon, Jan 4, 2010 at 5:46 AM, p q ultimat...@gmail.com wrote:
thanks for the last two questions
this was also the important facts that nobody mentioned them. to do
a successful attack to A5/1 enabled GSM you need to capture signal on a
wide-band style meaning you need to capture all the
On 04/gen/10, at 11:46, p q wrote:
i saw people are fantasizing this work to put it on some hacker CD
like Wifi and WEP stuff. i'm going to go out and say it: people,
this is far more complicated and more expensive than that. this is
all just because of the expensive and close
see this listing of the nokia 3210 hardware:
https://www.pqgruber.com/other/Portable.pdf
Maybe we can use similar parts and build our own peripheral perfectly
fitting our needs.. it should be much cheaper than 2 usrp2s with
daughterboards etc.
if there are enough interested people, it will be
Hello,
Yes, it looks like a good idea to make a phone. BTW, why isn't it possible
to make a sniffer from a cell phone, it has all the components that
are needed. Probably it is possible to write a firmware and to
simulate some tricky simcard to make it do what we need.
2010/1/4 Clemens Gruber
and
build phones know what they are doing
-- Forwarded message --
From: Evgeniy Shelepov eugene.shele...@gmail.com
Date: Mon, Jan 4, 2010 at 3:43 PM
Subject: Re: [A51] Truth about this work
To: a51 a51@lists.reflextor.com
Hello,
Yes, it looks like a good idea to make a phone
5$ Chinese mobiles can make/receive calls. There are two main things to be
noticed.
1] GSM interceptors will be soon sold just besides the burgers/pizza within
next 2yrs..
2] We didn't need usrp2 etc... to sniff two way communication, we need the
hacker who after successfully intercepting GSM
about this work
To: a51 a51@lists.reflextor.com
Hello,
Yes, it looks like a good idea to make a phone. BTW, why isn't it
possible
to make a sniffer from a cell phone, it has all the components
wrote:
From: Clemens Gruber philist...@gmail.com
Subject: Re: [A51] Truth about this work
To: a51@lists.reflextor.com
Date: Monday, January 4, 2010, 5:01 AM
I thought not of building a phone
itself but we could use some of the
parts which have been used in the nokia 3210.
Same approach
with it? It has a public firmware source code.
http://www.google.com/search?hl=moq=cache:wiki.thc.org/gsm/opentsmbtnG=C%C4%83utare
--- On Mon, 1/4/10, Clemens Gruber philist...@gmail.com wrote:
From: Clemens Gruber philist...@gmail.com
Subject: Re: [A51] Truth about this work
To: a51
On Mon, Jan 4, 2010 at 3:26 PM, 31337 31...@tilc.info wrote:
So... why not also Neo Freerunner or 1973?!
http://wiki.openmoko.org/wiki/Main_Page
http://wiki.openmoko.org/wiki/Neo_FreeRunner
The GSM part of the FreeRunner is a hardware blob. The rest of the
phone communicates with it using the
/10, Clemens Gruber philist...@gmail.com wrote:
From: Clemens Gruber philist...@gmail.com
Subject: Re: [A51] Truth about this work
To: a51@lists.reflextor.com
Date: Monday, January 4, 2010, 5:01 AM
I thought not of building a phone
itself but we could use some of the
parts which have been
Guys,
Alexander Chemeris alexander.chemeris at gmail.com
Tue Jan 5 00:01:28 CET 2010
I'm sorry, but you can build sniffer from a phone only if
frequency hopping is not enabled (rare case). Otherwise
you need to capture *whole* frequency band, in which
hopping is performed. Phone hardware cannot
On Mon, 04 Jan 2010 13:06:17 +0100, Clemens Gruber philist...@gmail.com
wrote:
Hi,
see this listing of the nokia 3210 hardware:
https://www.pqgruber.com/other/Portable.pdf
Maybe we can use similar parts and build our own peripheral perfectly
fitting our needs.. it should be much cheaper than
Hi,
Phones can NOT capture uplink. I should have been more
precise - they are configured in hardware to capture only
a single channel in downlink, no more. At least all phones
I'm aware of do so.
Also you *have to* capture full band before you find a key,
because you do not know hopping
On Mon, Jan 04, 2010 at 02:16:57PM +0330, p q wrote:
to capture Downlink of a BTS that offers GSM1800 you need to capture at
least 75 MB of the spectrum space. this is far more than USRP and also
beyond USRP2
this is not true. a usrp2 can sample 100mhz from the air and it can transfer
about
On Tue, Jan 05, 2010 at 07:51:03AM +0300, Alexander Chemeris wrote:
Also you *have to* capture full band before you find a key,
because you do not know hopping sequence without
deciphering. That's why GSMA referred to hopping as
a security feature - if no ingenious solution is found, you
will
Also you *have to* capture full band before you find a key,
because you do not know hopping sequence without
deciphering.
Not entirely true.
1) If the network uses Very early assignment, you will see the hopping
sequence parameters in clear
2) If you stay on the sdcch (sms), you will see
2010/1/3 Sylv1 sylv1...@yahoo.com
Hi all,
i agree with p q for all the presented points. I just would like that
someone contradicts me with an example.
Is anybody able to listen and record his own GSM conversation up and
downlink?
I'm trying to do that with the USRP and airprobe stuff but
...@gmail.com* wrote:
From: p q ultimat...@gmail.com
Subject: Re: [A51] Truth about this work
To: javier falbo javier_fa...@hotmail.com
Cc: a51@lists.reflextor.com
Date: Saturday, January 2, 2010, 3:26 PM
Thanks for the first practical answer. so, would you please capture one
of your own
in a network.
Keep in mind, that the algorithm must have particularities: FAST, no power
consumption, easy to code, etc.
Javier
--
Date: Sat, 2 Jan 2010 18:18:09 +0330
From: ultimat...@gmail.com
To: a51@lists.reflextor.com
Subject: [A51] Truth about this work
happy
the audio in mp3 format.
What you are requesting is illegal. :)
Javier
Date: Sat, 2 Jan 2010 18:44:48 +0330
Subject: Re: [A51] Truth about this work
From: ultimat...@gmail.com
To: javier_fa...@hotmail.com
CC: a51@lists.reflextor.com
thanks Javier, how do you do? ;) do you notice you didn't do
, uploaded somewhere on
internet, and maybe someone from here, decoded and send you the audio in mp3
format.
What you are requesting is illegal. :)
Javier
--
Date: Sat, 2 Jan 2010 18:44:48 +0330
Subject: Re: [A51] Truth about this work
From: ultimat...@gmail.com